<!DOCTYPE html>
< html lang = "en" >
< head >
< meta charset = "utf-8" >
< meta http-equiv = "X-UA-Compatible" content = "IE=edge" >
< meta name = "viewport" content = "width=device-width, initial-scale=1.0" >
< meta name = "description" content = "" >
< meta name = "author" content = "" >
< link rel = "shortcut icon" href = "../../../../../../assets/img/favicon.png" >
< title > Hidden Service with custom .onion Vanity V3 address< / title >
<!-- Bootstrap core CSS -->
< link href = "../../assets/css/bootstrap.css" rel = "stylesheet" >
< link href = "../../assets/css/xt256.css" rel = "stylesheet" >
<!-- Custom styles for this template -->
< link href = "../../assets/css/main.css" rel = "stylesheet" >
<!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
<!-- [if lt IE 9]>
< script src = "https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js" > < / script >
< script src = "https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js" > < / script >
<![endif]-->
< / head >
< body >
<!-- Static navbar -->
< div class = "navbar navbar-inverse-anon navbar-static-top" >
< div class = "container" >
< div class = "navbar-header" >
< button type = "button" class = "navbar-toggle" data-toggle = "collapse" data-target = ".navbar-collapse" >
< span class = "icon-bar" > < / span >
< span class = "icon-bar" > < / span >
< span class = "icon-bar" > < / span >
< / button >
< a class = "navbar-brand-anon" href = "\index.html" > The Nihilism Blog< / a >
< / div >
< div class = "navbar-collapse collapse" >
< ul class = "nav navbar-nav navbar-right" >
< li > < a href = "/about.html" > About< / a > < / li >
< li > < a href = "/blog.html" > Categories< / a > < / li >
< li > < a href = "https://blog.nowhere.moe/donate.html" > Donate< / a > < / li >
< li > < a href = "/contact.html" > Contact< / a > < / li >
< / ul >
< / div > <!-- /.nav - collapse -->
< / div >
< / div >
<!-- +++++ Posts Lists +++++ -->
<!-- +++++ First Post +++++ -->
< div id = "anon2" >
< div class = "container" >
< div class = "row" >
< div class = "col-lg-8 col-lg-offset-2" >
< a href = "../index.html" > Previous Page< / a > < / br > < / br > < p > < img src = "../../assets/img/user.png" width = "50px" height = "50px" > < ba > nihilist@mainpc - 2024-02-01< / ba > < / p >
< h1 > Hidden Service with custom .onion Vanity V3 address < / h1 >
< img src = "../hiddenservice/2.png" class = "imgRz" >
< p > In this tutorial we'll set up a Hidden Service with a custom .onion Vanity V3 address, using nginx and Tor. < / p >
< / div >
< / div > <!-- /row -->
< / div > <!-- /container -->
< / div > <!-- /grey -->
<!-- +++++ Second Post +++++ -->
< div id = "anon3" >
< div class = "container" >
< div class = "row" >
< div class = "col-lg-8 col-lg-offset-2" >
< h2 > < b > Initial Setup < / b > < / h2 >
< p > Before starting, check whether your ISP allows Tor use. < b > If it does not, make sure you install a VPN to hide the fact that you're using Tor< / b > , as we did previously < a href = "../vpn/index.html" > here< / a > :< / p >
< pre > < code class = "nim" >
# Download the Mullvad signing key
sudo curl -fsSLo /usr/share/keyrings/mullvad-keyring.asc https://repository.mullvad.net/deb/mullvad-keyring.asc
# Add the Mullvad repository server to apt
echo "deb [signed-by=/usr/share/keyrings/mullvad-keyring.asc arch=$( dpkg --print-architecture )] https://repository.mullvad.net/deb/stable $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/mullvad.list
# Or add the Mullvad BETA repository server to apt
echo "deb [signed-by=/usr/share/keyrings/mullvad-keyring.asc arch=$( dpkg --print-architecture )] https://repository.mullvad.net/deb/beta $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/mullvad.list
# Install the package
sudo apt update
sudo apt install mullvad-vpn
# Connect to Mullvad VPN
mullvad account login
Enter an account number: 91320912809328832
Mullvad account "91320912809328832" set
# Connect to the VPN:
mullvad lockdown-mode set on
mullvad connect
curl ifconfig.me
194.127.199.92
< / code > < / pre >
< p > Once done, install tor and compute your Tor domain:< / p >
< pre > < code class = "nim" >
[ nowhere.moe ] [ /dev/pts/11 ] [/srv]
→ apt install gcc libc6-dev libsodium-dev make autoconf tor
[ nowhere.moe ] [ /dev/pts/11 ] [/srv]
→ git clone https://github.com/cathugger/mkp224o
Cloning into 'mkp224o'...
remote: Enumerating objects: 1571, done.
remote: Counting objects: 100% (402/402), done.
remote: Compressing objects: 100% (83/83), done.
remote: Total 1571 (delta 341), reused 350 (delta 317), pack-reused 1169
Receiving objects: 100% (1571/1571), 1.89 MiB | 6.32 MiB/s, done.
Resolving deltas: 100% (982/982), done.
[ nowhere.moe ] [ /dev/pts/11 ] [/srv]
→ cd mkp224o
[ nowhere.moe ] [ /dev/pts/11 ] [/srv/mkp224o]
→ ls
autogen.sh base64_to.c filters_common.inc.h ioutil.h test_base64.c worker.h
base16_from.c calcest.c filters.h keccak.c test_ed25519.c worker_impl.inc.h
base16.h common.h filters_inc.inc.h keccak.h testutil.h yaml.c
base16_to.c configure.ac filters_main.inc.h likely.h types.h yaml.h
base32_from.c contrib filters_worker.inc.h main.c vec.c
base32.h COPYING.txt GNUmakefile.in OPTIMISATION.txt vec.h
base32_to.c cpucount.c hex.h README.md worker_batch.inc.h
base64_from.c cpucount.h ifilter_bitsum.h test_base16.c worker_batch_pass.inc.h
base64.h ed25519 ioutil.c test_base32.c worker.c
[ nowhere.moe ] [ /dev/pts/11 ] [/srv/mkp224o]
→ ./autogen.sh
[ nowhere.moe ] [ /dev/pts/11 ] [/srv/mkp224o]
→ ./configure
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether the compiler supports GNU C... yes
checking whether gcc accepts -g... yes
checking for gcc option to enable C11 features... none needed
checking whether CC supports -march=native... yes
checking whether CC supports -fomit-frame-pointer... yes
checking whether CC supports -fPIE... yes
checking whether CC supports -std=c99... yes
checking whether CC supports -Wall... yes
checking whether CC supports -Wextra... yes
checking whether CC supports -Wno-maybe-uninitialized... yes
checking whether CC supports and needs -Wno-format -Wno-pedantic-ms-format... no
checking whether CC supports -Wno-unused-function... yes
checking whether CC supports -Wmissing-prototypes... yes
checking whether CC supports -Wstrict-prototypes... yes
checking whether ARGON2ID13 is supported by libsodium... yes
configure: creating ./config.status
config.status: creating GNUmakefile
[ nowhere.moe ] [ /dev/pts/11 ] [/srv/mkp224o]
→ make
< / code > < / pre >
< p > Now I want my Tor domain to contain the "datura" characters, so I do the following:< / p >
< pre > < code class = "nim" >
[ nowhere.moe ] [ /dev/pts/11 ] [/srv/mkp224o]
→ ./mkp224o datura
sorting filters... done.
filters:
datura
in total, 1 filter
using 12 threads
daturacccspczuluj2hbgqfcpkjo75hn7bzmuzsm5zys3az6k3su45ad.onion
daturaxnp7x4ubwlslgyeaft5dabaxotmsaxanayocnpxarc7wi36kid.onion
[ nowhere.moe ] [ /dev/pts/11 ] [lib/tor/onions]
→ ls -lash
total 16K
4.0K drwx------ 4 debian-tor debian-tor 4.0K Jan 27 15:33 .
4.0K drwx--S--- 8 debian-tor debian-tor 4.0K Feb 1 15:08 ..
4.0K drwx------ 3 debian-tor debian-tor 4.0K Jul 12 2023 daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion
4.0K drwx------ 3 debian-tor debian-tor 4.0K Jan 27 15:48 nihilhfjmj55gfbleupwl2ub7lvbhq4kkoioatiopahfqwkcnglsawyd.onion
[ nowhere.moe ] [ /dev/pts/11 ] [lib/tor/onions]
→ ls -lash daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion
total 24K
4.0K drwx------ 3 debian-tor debian-tor 4.0K Jul 12 2023 .
4.0K drwx------ 4 debian-tor debian-tor 4.0K Jan 27 15:33 ..
4.0K drwx------ 2 debian-tor debian-tor 4.0K Jul 12 2023 authorized_clients
4.0K -r-------- 1 debian-tor debian-tor 63 Jul 12 2023 hostname
4.0K -r-------- 1 debian-tor debian-tor 64 Jul 12 2023 hs_ed25519_public_key
4.0K -r-------- 1 debian-tor debian-tor 96 Jul 12 2023 hs_ed25519_secret_key
[ nowhere.moe ] [ /dev/pts/11 ] [/srv/mkp224o]
→ cat /etc/tor/torrc
HiddenServiceDir /var/lib/tor/onions/daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion/
HiddenServicePort 80 127.0.0.1:4443 # for web service HTTP (recommended!)
HiddenServicePort 443 127.0.0.1:4444 # for web service HTTPS (but not recommended!)
HiddenServicePort 18080 127.0.0.1:18080 # for monero nodes
HiddenServicePort 18081 127.0.0.1:18081 # for monero nodes
# to have another hidden service, you can append it afterward like so; but you need to use different ports:
HiddenServiceDir /var/lib/tor/onions/nihilhfjmj55gfbleupwl2ub7lvbhq4kkoioatiopahfqwkcnglsawyd.onion/
HiddenServicePort 80 127.0.0.1:4445
< / code > < / pre >
< p > Make sure that the file permissions are correct in the /var/lib/tor/onions/datura...onion/ directory:< / p >
< pre > < code class = "nim" >
[ nowhere.moe ] [ /dev/pts/11 ] [lib/tor/onions]
→ chmod 700 daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion
[ nowhere.moe ] [ /dev/pts/11 ] [lib/tor/onions]
→ chmod 400 daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion/*
[ nowhere.moe ] [ /dev/pts/11 ] [lib/tor/onions]
→ chmod 700 daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion/authorized_clients -R
[ nowhere.moe ] [ /dev/pts/11 ] [lib/tor/onions]
→ chown debian-tor: /var/lib/tor/onions -R
< / code > < / pre >
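< p > Before pointing torrc at a key directory produced by a third-party generator, it is worth checking that the < code > hostname< / code > file really is the address derived from < code > hs_ed25519_public_key< / code > and that nothing in the directory is readable by group or others. The script below is an added example, not part of the original tutorial or of mkp224o; the function names are made up for illustration, and it assumes the standard v3 layout shown above (64-byte public key file, 56-character base32 label).< / p >

```python
import base64
import hashlib
import os
import stat

# tor stores the key as a 32-byte header followed by the 32-byte ed25519 key
PUB_HEADER = b"== ed25519v1-public: type0 ==\x00\x00\x00"
VERSION = b"\x03"  # onion service version 3


def onion_from_pubkey(pubkey):
    """Derive the v3 hostname: base32(pubkey || checksum || version)."""
    if len(pubkey) != 32:
        raise ValueError("ed25519 public key must be 32 bytes")
    digest = hashlib.sha3_256(b".onion checksum" + pubkey + VERSION).digest()
    raw = pubkey + digest[:2] + VERSION
    return base64.b32encode(raw).decode("ascii").lower() + ".onion"


def is_valid_v3(hostname):
    """True if hostname is a well-formed v3 address with a correct checksum."""
    host = hostname.strip().lower()
    if len(host) != 62 or not host.endswith(".onion"):
        return False
    try:
        raw = base64.b32decode(host[:56].upper())
    except ValueError:
        return False
    # Recompute the address from the embedded key and compare everything.
    return host == onion_from_pubkey(raw[:32])


def audit_service_dir(path):
    """Return a list of problems found in one HiddenServiceDir (hypothetical helper)."""
    problems = []
    with open(os.path.join(path, "hs_ed25519_public_key"), "rb") as fh:
        blob = fh.read()
    with open(os.path.join(path, "hostname")) as fh:
        hostname = fh.read().strip()
    if len(blob) != 64 or not blob.startswith(PUB_HEADER):
        problems.append("hs_ed25519_public_key: unexpected format")
    elif hostname != onion_from_pubkey(blob[32:]):
        problems.append("hostname does not match hs_ed25519_public_key")
    # The directory and everything in it must be closed to group and others.
    for name in ["."] + sorted(os.listdir(path)):
        mode = stat.S_IMODE(os.lstat(os.path.join(path, name)).st_mode)
        if mode & 0o077:
            problems.append(f"{name}: mode {mode:o} is open to group/others")
    return problems


if __name__ == "__main__":
    import sys
    for issue in audit_service_dir(sys.argv[1]):
        print("PROBLEM:", issue)
```

< p > Run it as root or as debian-tor with the service directory as its only argument; no output means the hostname matches the key and the permissions are tight.< / p >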
< p > Now let's set it up on our webserver:< / p >
< pre > < code class = "nim" >
[ nowhere.moe ] [ /dev/pts/11 ] [~debian-tor/onions]
→ cat /etc/nginx/sites-available/nowhere.moe.conf
server {
listen 80;
listen [::]:80;
server_name nowhere.moe;
return 301 https://$server_name$request_uri;
}
server {
< b > ######## TOR CHANGES ########
listen 4443;
listen [::]:4443;
server_name daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion;
add_header Onion-Location "http://daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion$request_uri" always;
######## TOR CHANGES ########< / b >
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name nowhere.moe;
ssl_certificate /etc/acme/certs/nowhere.moe/fullchain.cer;
ssl_trusted_certificate /etc/acme/certs/nowhere.moe/nowhere.moe.cer;
ssl_certificate_key /etc/acme/certs/nowhere.moe/nowhere.moe.key;
[...]
root /srv/nowhere.moe/;
}
[ nowhere.moe ] [ /dev/pts/11 ] [~debian-tor/onions]
→ cat /etc/nginx/sites-available/nowhere.moe.conf
server {
listen 80;
listen [::]:80;
server_name nowhere.moe;
return 301 https://$server_name$request_uri;
}
server {
< b > ######## TOR CHANGES ########
listen 4445;
listen [::]:4445;
server_name nihilhfjmj55gfbleupwl2ub7lvbhq4kkoioatiopahfqwkcnglsawyd.onion;
add_header Onion-Location "http://nihilhfjmj55gfbleupwl2ub7lvbhq4kkoioatiopahfqwkcnglsawyd.onion$request_uri" always;
######## TOR CHANGES ########< / b >
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name nowhere.moe;
[...]
root /srv/nowhere.moe/;
ssl_certificate /etc/acme/certs/nowhere.moe/fullchain.cer;
ssl_trusted_certificate /etc/acme/certs/nowhere.moe/nowhere.moe.cer;
ssl_certificate_key /etc/acme/certs/nowhere.moe/nowhere.moe.key;
}
[ nowhere.moe ] [ /dev/pts/0 ] [tor/onions/daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion]
→ nginx -t
2023/07/12 21:46:16 [emerg] 113983#113983: could not build server_names_hash, you should increase server_names_hash_bucket_size: 64
nginx: configuration file /etc/nginx/nginx.conf test failed
#if it gives you this error do the following:
[ nowhere.moe ] [ /dev/pts/0 ] [tor/onions/daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion]
→ vim /etc/nginx/nginx.conf
[ nowhere.moe ] [ /dev/pts/0 ] [tor/onions/daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion]
→ cat /etc/nginx/nginx.conf |grep 128
server_names_hash_bucket_size 128;
[ 10.0.0.101/16 ] [ /dev/pts/12 ] [/var/lib/tor]
→ nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[ 10.0.0.101/16 ] [ /dev/pts/12 ] [/var/lib/tor]
→ nginx -s reload
[ 10.0.0.101/16 ] [ /dev/pts/8 ] [~debian-tor]
→ sudo -u debian-tor tor
Jan 23 16:57:19.270 [notice] Tor 0.3.5.16 running on Linux with Libevent 2.1.8-stable, OpenSSL 1.1.1d, Zlib 1.2.11, Liblzma 5.2.4, and Libzstd 1.3.8.
Jan 23 16:57:19.270 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Jan 23 16:57:19.270 [notice] Read configuration file "/etc/tor/torrc".
Jan 23 16:57:19.278 [notice] Opening Socks listener on 127.0.0.1:9050
Jan 23 16:57:19.278 [notice] Opened Socks listener on 127.0.0.1:9050
Jan 23 16:57:19.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
Jan 23 16:57:19.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
Jan 23 16:57:19.000 [warn] You are running Tor as root. You don't need to, and you probably shouldn't.
Jan 23 16:57:19.000 [notice] Bootstrapped 0%: Starting
Jan 23 16:57:20.000 [notice] Starting with guard context "default"
Jan 23 16:57:20.000 [notice] Bootstrapped 10%: Finishing handshake with directory server
Jan 23 16:57:20.000 [notice] Bootstrapped 80%: Connecting to the Tor network
Jan 23 16:57:20.000 [notice] Bootstrapped 90%: Establishing a Tor circuit
Jan 23 16:57:21.000 [notice] Bootstrapped 100%: Done
< / code > < / pre >
< p > From there we can check if our tor website is up:< / p >
< img src = "1.png" class = "imgRz" >
< img src = "2.png" class = "imgRz" >
< p > It works! Now let's use systemctl to start tor instead:< / p >
< pre > < code class = "nim" >
[ nowhere.moe ] [ /dev/pts/11 ] [~debian-tor/onions]
→ systemctl restart tor@default
[ nowhere.moe ] [ /dev/pts/11 ] [~debian-tor/onions]
→ systemctl status tor@default
● tor@default.service - Anonymizing overlay network for TCP
Loaded: loaded (/lib/systemd/system/tor@default.service; enabled-runtime; preset: enabled)
Active: active (running) since Thu 2024-02-01 15:24:07 CET; 18min ago
Process: 3027334 ExecStartPre=/usr/bin/install -Z -m 02755 -o debian-tor -g debian-tor -d /run/tor (code=exited, status=0/SUCCESS)
Process: 3027335 ExecStartPre=/usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0 --verify-config (code=exited, status=0/SUCCESS)
Main PID: 3027336 (tor)
Tasks: 30 (limit: 77000)
Memory: 636.4M
CPU: 49.885s
CGroup: /system.slice/system-tor.slice/tor@default.service
├─3027336 /usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0
└─3027337 /usr/bin/obfs4proxy
Feb 01 15:24:26 nowhere.moe Tor[3027336]: Your network connection speed appears to have changed. Resetting timeout to 60000ms after 18 timeouts and 1000 buildtimes.
Feb 01 15:25:09 nowhere.moe Tor[3027336]: Performing bandwidth self-test...done.
< / code > < / pre >
< p > Now we can do the same for a subdomain:< / p >
< pre > < code class = "nim" >
[ nowhere.moe ] [ /dev/pts/11 ] [/etc/nginx/sites-available]
→ cat cringe.nowhere.moe.conf
server {
listen 443 ssl;
server_name cringe.nowhere.moe;
ssl_certificate /etc/acme/certs/cringe.nowhere.moe/cringe.nowhere.moe.cer;
ssl_certificate_key /etc/acme/certs/cringe.nowhere.moe/cringe.nowhere.moe.key;
< b > ######## TOR CHANGES ########
listen 4443;
listen [::]:4443;
server_name cringe.daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion;
add_header Onion-Location "http://cringe.daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion$request_uri" always;
######## TOR CHANGES ########< / b >
[...]
location / {
proxy_pass http://localhost:8083;
}
location = /robots.txt {
add_header Content-Type text/plain;
return 200 "User-agent: *\nDisallow: /\n";
}
}
[ nowhere.moe ] [ /dev/pts/11 ] [/etc/nginx/sites-available]
→ nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[ nowhere.moe ] [ /dev/pts/11 ] [/etc/nginx/sites-available]
→ nginx -s reload
2024/02/01 15:45:18 [notice] 3045373#3045373: signal process started
< / code > < / pre >
< img src = "3.png" class = "imgRz" >
< p > Now that we have our website up and running, it's better to configure some < strong > DoS countermeasures< / strong > to avoid any unpleasant problems.< / p >
< p > There are many countermeasures; one of the most effective is < strong > PoW< / strong > . If you want to learn more about other DoS prevention methods, check the < a href = "https://community.torproject.org/onion-services/advanced/dos/" > guidelines< / a > . If you want to learn more about how PoW works, check out the < a href = "https://onionservices.torproject.org/technology/pow/" > FAQs< / a > .< / p >
< p > Without further ado, let's enable PoW for our onion service.
< br / >
Add the following to your < code > /etc/tor/torrc< / code > :
< / p >
< pre > < code class = "nim" > HiddenServicePoWDefensesEnabled 1
HiddenServicePoWQueueRate 250
HiddenServicePoWQueueBurst 2500
< / code > < / pre >
< p > This is what the options do (taken from the < code > tor(1)< / code > manual):< / p >
< pre > < code class = "nim" > HiddenServicePoWDefensesEnabled 0|1
Enable proof-of-work based service DoS mitigation. If set to 1
(enabled), tor will include parameters for an optional client
puzzle in the encrypted portion of this hidden service’s
descriptor. Incoming rendezvous requests will be prioritized based
on the amount of effort a client chooses to make when computing a
solution to the puzzle. The service will periodically update a
suggested amount of effort, based on attack load, and disable the
puzzle entirely when the service is not overloaded. (Default: 0)
HiddenServicePoWQueueRate NUM
The sustained rate of rendezvous requests to dispatch per second
from the priority queue. Has no effect when proof-of-work is
disabled. If this is set to 0 there’s no explicit limit and we will
process requests as quickly as possible. (Default: 250)
HiddenServicePoWQueueBurst NUM
The maximum burst size for rendezvous requests handled from the
priority queue at once. (Default: 2500)
< / code > < / pre >
< p > If you don't know what < em > rendezvous requests< / em > are, check out < a href = "https://spec.torproject.org/rend-spec/rendezvous-protocol.html" > the specification< / a > ; essentially, think of them as "Hello I am NODE_X, I want to connect to NODE_Y to create a circuit, can you let me do it?"< / p >
< p > If you are wondering how the priority queue is managed, think of it in terms of how much < em > effort< / em > the client put into solving the challenge: the more effort, the < em > higher< / em > the client's priority will be (but also the longer it takes to solve the challenge).< / p >
< p > Don't forget to restart the hidden service to enable the changes made.< / p >
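< p > The PoW options are per-service: like < code > HiddenServicePort< / code > , they apply to the < code > HiddenServiceDir< / code > line they follow, so with two services in one torrc, lines appended at the end of the file only cover the last one. The checker below is an added example, not part of the original tutorial or of Tor; its function names and the sample torrc (constructed, with placeholder directory names) are assumptions for illustration. It also flags any < code > HiddenServicePort< / code > target that is not on loopback or a unix socket.< / p >

```python
import ipaddress

# Constructed torrc with the tutorial's layout: two services, PoW lines appended last.
SAMPLE_TORRC = """\
HiddenServiceDir /var/lib/tor/onions/first-example.onion/
HiddenServicePort 80 127.0.0.1:4443 # for web service HTTP
HiddenServiceDir /var/lib/tor/onions/second-example.onion/
HiddenServicePort 80 127.0.0.1:4445
HiddenServicePoWDefensesEnabled 1
HiddenServicePoWQueueRate 250
HiddenServicePoWQueueBurst 2500
"""


def parse_services(torrc_text):
    """Group port and PoW options under the HiddenServiceDir they follow."""
    services, current = [], None
    for lineno, raw in enumerate(torrc_text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split(None, 1)  # drop comments
        if not fields:
            continue
        key = fields[0].lower()  # option names are case-insensitive
        value = fields[1].strip() if len(fields) > 1 else ""
        if key == "hiddenservicedir":
            current = {"dir": value, "ports": [], "opts": {}}
            services.append(current)
        elif key == "hiddenserviceport" or key.startswith("hiddenservicepow"):
            if current is None:
                raise ValueError(f"line {lineno}: {fields[0]} before any HiddenServiceDir")
            if key == "hiddenserviceport":
                current["ports"].append(value)
            else:
                current["opts"][key] = value
    return services


def target_is_local(port_value):
    """True if a HiddenServicePort target stays on this host."""
    parts = port_value.split()
    if len(parts) < 2 or parts[1].isdigit():
        return True  # no address given: tor forwards to 127.0.0.1
    target = parts[1]
    if target.startswith("unix:"):
        return True
    host = target.rsplit(":", 1)[0].strip("[]")
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def audit(torrc_text):
    """Return (service_dir, finding) pairs for every service in the torrc."""
    findings = []
    for svc in parse_services(torrc_text):
        if svc["opts"].get("hiddenservicepowdefensesenabled") != "1":
            findings.append((svc["dir"], "PoW defenses not enabled"))
        for port in svc["ports"]:
            if not target_is_local(port):
                findings.append((svc["dir"], f"non-local target: {port}"))
    return findings


if __name__ == "__main__":
    for service_dir, finding in audit(SAMPLE_TORRC):
        print(f"{service_dir}: {finding}")
```

< p > On the sample, only the first service is reported; repeating the three PoW lines under its < code > HiddenServiceDir< / code > clears the finding.< / p >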
< / div >
< / div > <!-- /row -->
< / div > <!-- /container -->
< / div > <!-- /white -->
<!-- +++++ Footer Section +++++ -->
< div id = "anonb" >
< div class = "container" >
< div class = "row" >
< div class = "col-lg-4" >
< h4 > Nihilism< / h4 >
< p >
Until there is Nothing left.< / p > < / br > < / br > < p > Creative Commons Zero: No Rights Reserved< / br > < img src = "\CC0.png" >
< / p >
< / div > <!-- /col - lg - 4 -->
< div class = "col-lg-4" >
< h4 > My Links< / h4 >
< p >
< a target = "_blank" rel = "noopener noreferrer" href = "http://blog.nowhere.moe/rss/feed.xml" > RSS Feed< / a > < br / > < a target = "_blank" rel = "noopener noreferrer" href = "https://simplex.chat/contact#/?v=2-7&smp=smp%3A%2F%2FL5jrGV2L_Bb20Oj0aE4Gn-m5AHet9XdpYDotiqpcpGc%3D%40nowhere.moe%2FH4g7zPbitSLV5tDQ51Yz-R6RgOkMEeCc%23%2F%3Fv%3D1-3%26dh%3DMCowBQYDK2VuAyEAkts5T5AMxHGrZCCg12aeKxWcpXaxbB_XqjrXmcFYlDQ%253D&data=%7B%22type%22%3A%22group%22%2C%22groupLinkId%22%3A%22c3Y-iDaoDCFm6RhptSDOaw%3D%3D%22%7D" > SimpleX Chat< / a > < br / >
< / p >
< / div > <!-- /col - lg - 4 -->
< div class = "col-lg-4" >
< h4 > About nihilist< / h4 >
< p style = "word-wrap: break-word;" > < u > Donate XMR:< / u > 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8< / p > < / br > < p > < u > Contact:< / u > nihilist@contact.nowhere.moe (< a href = "https://nowhere.moe/nihilist.pubkey" > PGP< / a > )< / p >
< / div > <!-- /col - lg - 4 -->
< / div >
< / div >
< / div >
<!-- Bootstrap core JavaScript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
< / body >
< / html >